icedtea-web

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Additional components for OpenJDK - Browser plug-in and Web Start implementation
Version 1.8.6-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1017 1.7-1 1.8.3-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2019-10185 AVG-1017 High Yes Directory traversal
It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to...
CVE-2019-10182 AVG-1017 High Yes Directory traversal
It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially...
CVE-2019-10181 AVG-1017 High Yes Insufficient validation
It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject...